| purl | pkg:deb/debian/mpg123@0.61-5 |
| Next non-vulnerable version | 1.31.2-1+deb12u1 |
| Latest non-vulnerable version | 1.31.2-1+deb12u1 |
| Risk | 3.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-b2uw-ydsg-fbau (Aliases: CVE-2016-1000247) | | Affected by 6 other vulnerabilities. |
| VCID-cv5f-xysy-mfgb (Aliases: CVE-2017-11126) | The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. | Affected by 1 other vulnerability. |
| VCID-d58a-h7ew-buhk (Aliases: CVE-2017-12839) | A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file. | Affected by 1 other vulnerability. |
| VCID-d5pc-yexh-2kby (Aliases: CVE-2017-10683) | In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack. | Affected by 1 other vulnerability. |
| VCID-fnec-475d-q3gf (Aliases: CVE-2009-1301) | Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information. | Affected by 8 other vulnerabilities. |
| VCID-rgue-duz7-fkcw (Aliases: CVE-2017-12797) | Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. | Affected by 1 other vulnerability. |
| VCID-sxrg-nt5k-3ffx (Aliases: CVE-2024-10573) | mpg123: Buffer overflow when writing decoded PCM samples | Affected by 0 other vulnerabilities. |
| VCID-t816-d94b-rfb4 (Aliases: CVE-2017-9545) | The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. | Affected by 1 other vulnerability. |
| VCID-u85u-m4n7-sya3 (Aliases: CVE-2014-9497) | Buffer overflow in mpg123 before 1.18.0. | Affected by 7 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-cqsb-s171-4khu | Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982. | CVE-2006-3355 |
| VCID-k2pp-dxbk-tbhx | The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. | CVE-2007-0578 |
| VCID-pb63-c6sn-dqfm | Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. | CVE-2006-1655 |